
Enforcing Security Permissions

Yohan Liyanage
Ranch Hand

Joined: Aug 17, 2007
Posts: 132


I am building a distributed system where class files are downloaded from remote machines and executed locally. I use a custom ClassLoader implementation to retrieve necessary classes.

However, I want to ensure that the remote code which is executed locally is not allowed to use files, invoke System.exit()... etc. In other words, I want to ensure that the remote code is executed in a sandbox.

Also, I need to ensure that the rest of the application is not affected by these limitations.

If I am to use a SecurityManager and a policy file, how can I ensure that only the code remotely loaded by my class loader is limited in permissions?

Any suggestions to solve this issue are greatly appreciated.


Yohan Liyanage
Ulf Dittmer

Joined: Mar 22, 2005
Posts: 42959
If I may plug my own stuff, this article describes how to use a classloader in conjunction with a security manager to restrict the loaded classes from certain operations. Source code is included.
Yohan Liyanage
Ranch Hand

Joined: Aug 17, 2007
Posts: 132

Thanks a lot for the reply, Ulf.

I looked into the code, but found some methods are deprecated now, and I couldn't find an alternative way to get the code working without those methods (JavaDoc says to use checkPermission but I couldn't find out how that could be helpful to find which classloader loaded the class).

Finally, I got it working using policy files.

Here's what I did:

In my ClassLoader, I used the "http://my.remote.loaded.code.base" as the CodeSource when I defined my classes.

Code Base "file:/-" matches the rest of the classes, which are loaded from the file system.

So this way, I got my remote code running in a sandbox.
[ August 01, 2008: Message edited by: Yohan Liyanage ]
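The two steps above, written out as an added example (this is not the poster's code): a SecureClassLoader that defines every fetched class under the "http://my.remote.loaded.code.base" CodeSource, and a constructed sandbox.policy in the header comment that grants AllPermission only to "file:/-". It assumes a local staging directory stands in for the real network fetch, and that the JVM runs a SecurityManager, which was deprecated for removal in Java 17 (JEP 411), so this only works on releases that still ship it.

```java
/* sandbox.policy (constructed for this example):
 *   grant codeBase "file:/-" { permission java.security.AllPermission; };
 *   // no grant block for "http://my.remote.loaded.code.base/-": that code gets only the defaults
 */
import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.CodeSource;
import java.security.SecureClassLoader;
import java.security.cert.Certificate;

/** Tags every class it defines with the remote CodeSource so the policy treats it as untrusted. */
public class SandboxClassLoader extends SecureClassLoader {
    private final CodeSource remoteSource;
    private final Path stagingDir; // hypothetical stand-in for the real network fetch

    public SandboxClassLoader(ClassLoader parent, Path stagingDir) throws IOException {
        super(parent);
        this.stagingDir = stagingDir;
        // Unsigned code, so no certificates; the URL is just the label the policy matches on.
        this.remoteSource = new CodeSource(new URL("http://my.remote.loaded.code.base/"), (Certificate[]) null);
    }

    @Override
    protected Class<?> findClass(String name) throws ClassNotFoundException {
        Path classFile = stagingDir.resolve(name.replace('.', '/') + ".class");
        try {
            byte[] bytes = Files.readAllBytes(classFile);
            // SecureClassLoader derives the ProtectionDomain from this CodeSource and the
            // installed Policy, so the class gets only what the policy grants to that URL.
            return defineClass(name, bytes, 0, bytes.length, remoteSource);
        } catch (IOException e) {
            throw new ClassNotFoundException(name, e);
        }
    }

    // java -Djava.security.manager -Djava.security.policy=sandbox.policy SandboxClassLoader <dir> <class>
    public static void main(String[] args) throws Exception {
        if (System.getSecurityManager() == null) {
            throw new IllegalStateException("start the JVM with -Djava.security.manager");
        }
        ClassLoader sandbox = new SandboxClassLoader(SandboxClassLoader.class.getClassLoader(), Path.of(args[0]));
        Class<?> remote = Class.forName(args[1], true, sandbox);
        try {
            remote.getMethod("main", String[].class).invoke(null, (Object) new String[0]);
        } catch (InvocationTargetException e) {
            if (!(e.getCause() instanceof SecurityException)) throw e;
            System.out.println("sandboxed code was denied: " + e.getCause()); // e.g. on System.exit()
        }
    }
}
```

Because the AccessController checks every frame on the stack, the remote class's domain is part of the intersection whenever its code calls into the file or exit checks, while the loader and the rest of the application, loaded from "file:/-", keep their full grants.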